US7451312B2ExpiredUtilityA1

Authenticated dynamic address assignment

87
Assignee: GEN INSTRUMENT CORPPriority: Mar 7, 2000Filed: Mar 5, 2001Granted: Nov 11, 2008
Est. expiryMar 7, 2020(expired)· nominal 20-yr term from priority
H04L 2101/604H04L 61/5007H04L 61/5014H04L 9/40H04L 61/5053H04L 63/0807H04L 69/329
87
PatentIndex Score
58
Cited by
21
References
12
Claims

Abstract

A method for an uninitialized client to obtain credentials from a server which are then used to provide authenticated exchange for network configuration parameter assignment. The obtained credentials can be applied to an authentication option when a dynamic host configuration protocol (DHCP) is being used for address assignment.

Claims

exact text as granted — not AI-modified
1. A method of providing configuration parameters to an uninitialized client in a client-server broadcast network, said method comprising:
 receiving at a proxy connected to said broadcast network a local broadcast communication initiated by said uninitialized client and intended for reception at a trusted key source, wherein said local broadcast communication includes the hardware address for said uninitialized client and wherein said proxy operates as a security intermediary between said uninitialized client and said trusted key source; 
 recording said hardware address for said uninitialized client at said proxy; 
 adding at said proxy authorization data to said received local broadcast communication when said received local broadcast communication does not include said authorization data; 
 forwarding said received local broadcast communication from said proxy to said trusted key source; 
 utilizing said trusted key source to perform a mutual authentication with said unitialized client; 
 generating at said trusted key source a ticket which includes said hardware address for said uninitialized client to said proxy; 
 forwarding said ticket, upon successful completion of the mutual authentication, from said trusted key source to said uninitialized client via said client-server broadcast network; and 
 employing said ticket to obtain a network address from said server via an authenticated address assignment protocol. 
 
     
     
       2. The method as described in  claim 1  and wherein said employing said ticket to obtain a network address comprises:
 sending an authenticated first message in said authenticated address assignment protocol from said uninitialized client to said server. 
 
     
     
       3. The method as described in  claim 2  wherein said authenticated first message is authenticated with said ticket. 
     
     
       4. The method as described in  claim 1  wherein said utilizing a trusted key source to provide ticket to said proxy comprises:
 utilizing a Kerberos key management protocol. 
 
     
     
       5. The method as described in  claim 1  wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
 utilizing Dynamic Host Configuration Protocol. 
 
     
     
       6. The method as described in  claim 1  wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
 utilizing said authenticated address assignment protocol selected from a set of a plurality of address assignment protocols. 
 
     
     
       7. The method as described in  claim 6  wherein said plurality of authenticated address assignment protocols comprises:
 Dynamic Host Configuration Protocol; and 
 RSIP. 
 
     
     
       8. The method as described in  claim 1  wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
 obtaining an IP address. 
 
     
     
       9. The method as described in  claim 1  wherein said act of employing a trusted key source to provide ticket to said uninitialized client is not embedded in said authenticated address assignment protocol. 
     
     
       10. The method as described in  claim 1 , wherein said authorization data identifies a realm. 
     
     
       11. The method as described in  claim 10 , wherein said realm is a Kerberos administrative domain that represents a group of principals registered at a Kerberos key distribution center. 
     
     
       12. The method as described in  claim 11 , wherein said realm comprises at least one of an uninitialized client realm, a Kerberos realm, or a Dynamic Host Configuration Protocol server realm.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.